> For the complete documentation index, see [llms.txt](https://0xpthree.gitbook.io/notes/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://0xpthree.gitbook.io/notes/post-exploit/compile-payload.md). # Compile payload Compiling payload on the local host which is going to be executed on a remote victim often comes errors in form of version mismatch. Below is a quick way to solve it. ## Debian-based (`glibc`) 1. Find information about the target. ```bash aas@Leakage:/tmp$ cat /etc/os-release | grep -i pretty PRETTY_NAME="Ubuntu 18.04.3 LTS" aas@Leakage:/tmp$ ls -al /lib/x86_64-linux-gnu/libc.so.6 lrwxrwxrwx 1 root root 12 Apr 16 2018 /lib/x86_64-linux-gnu/libc.so.6 -> libc-2.27.so ``` 2. Create a `Dockerfile` with the same image or libc-version. Ubuntu images: ```bash ## Dockerfile FROM ubuntu:18.04 as dev ## Install build-essential and copy files to container RUN apt update && apt install -y build-essential WORKDIR /src COPY . /src/ ## Build the binary FROM dev as build RUN CGO_ENABLED=0 gcc -o cve exploit.c ## Copy binary from container to host FROM scratch as artifact COPY --from=build /src/cve ./cve FROM release ``` 3. Build the payload using `DOCKER_BUILDKIT` ```bash utv-kali :: /tmp/test » DOCKER_BUILDKIT=1 docker build --target artifact --output type=local,dest=. . --network=host [+] Building 12.4s (11/11) FINISHED => [internal] load build definition from Dockerfile 0.0s => => transferring dockerfile: 460B 0.0s => [internal] load .dockerignore 0.0s => => transferring context: 2B 0.0s => [internal] load metadata for docker.io/library/ubuntu:18.04 0.5s => [internal] load build context 0.0s => => transferring context: 483B 0.0s => CACHED [dev 1/4] FROM docker.io/library/ubuntu:18.04@sha256:152dc042452c496007f07ca9127571cb9c29697f42acbfad72324b2bb2e43c98 0.0s => [dev 2/4] RUN apt update && apt install -y build-essential 11.8s => [dev 3/4] WORKDIR /src 0.0s => [dev 4/4] COPY . /src/ 0.0s => [build 1/1] RUN CGO_ENABLED=0 gcc -o cve exploit.c 0.1s => [artifact 1/1] COPY --from=build /src/cve ./cve 0.0s => exporting to client 0.0s => => copying files 13.16kB 0.0s utv-kali :: /tmp/test » ls -al total 28 drwxrwxr-x 2 void void 100 Nov 2 14:22 . drwxrwxrwt 39 root root 860 Nov 2 15:55 .. -rw-rw-r-- 1 void void 342 Nov 2 14:17 Dockerfile -rwxr-xr-x 1 void void 13136 Nov 2 14:03 cve -rw-rw-r-- 1 void void 6312 Nov 2 13:08 exploit.c ``` *** ## Alpine-based (`libc.musl`) Useful images: ```bash ## Dockerfile FROM frolvlad/alpine-glibc:glibc-2.27 as dev ## Install builder-base and copy files to container RUN apk add build-base WORKDIR /src COPY . /src/ ## Build the binary FROM dev as build RUN CGO_ENABLED=0 gcc -o cve exploit.c ## Copy binary from container to host FROM scratch as artifact COPY --from=build /src/cve ./cve FROM release ``` Build the payload with the same commands as in the above example. --- # Agent Instructions This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com. ## Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter, and the optional `goal` query parameter: ``` GET https://0xpthree.gitbook.io/notes/post-exploit/compile-payload.md?ask=&goal= ``` `ask` is the immediate question: it should be specific, self-contained, and written in natural language. `goal` is optional and describes the broader end goal you are ultimately trying to accomplish on behalf of the user. GitBook uses it to tailor the answer towards what is most useful for that goal. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.